Do you disable hyperthreading? (poll)

[P4-630]

Yet Another Speculative Malfunction: Intel Reveals New Side-Channel Attack, Advises Disabling Hyper-Threading Below 8th, 9th Gen CPUs

Ouch doesn't even begin to describe how much that headline hurt. As far as speculative execution goes, it's been well covered by now, but here's a refresher. Speculative execution essentially means that your CPU tries to think ahead of time on what data may or may not be needed, and processes it...

www.techpowerup.com

I have 2 intel computers and they both have hyperthreading enabled.

 

[dorsetknob]

I'm More worried about the CIA Telapaths accessing my organic CPU than these Speculative Vector attacks

 

[NdMk2o1o]

SMT bitches yeaaaaaaa

Sorry, I'll see myself out

 

[silentbogo]

No. Why?
Just like with Spectre/Meltdown/Ryzenfall and whatever other weirdly-named vulnerability, it is a bit more complex and a bit blown out of proportions (in a John McAfee kinda way).
One of my machines is Ryzen 1600x, another one is i3-6100 running barebones Ubuntu server behind NAT only with port 80 and 443 and another one for SFTP facing the real world.
So far the only way I can get my mini-server get affected is if I have some sort of vulnerability in the software which gives the perpetrator the ability to install malware/cache sniffer on my PC, or server misconfiguration. If this happens - I'll be more concerned with said software vulnerability or with me being stupid.

Another thing you need to remember is that before switching your brain into a "panic mode" after reading some crap on the internet, you may want to check with the actual source regarding the nature of that attack and the actual attack vector. Even in their summary there is a key point that makes "disabling HT" kinda pointless in the grand scheme of things:

• Even without Hyperthreading, it is possible to leak data out of other protection domains. During experimentation it turned out, that ZombieLoad leaks endure serializing instructions. Such leaks do however work with lower probability and are harder to obtain.

So, with HT enabled you are kinda f#$%ed, and with HT disabled you are a little less kinda f#$%ed...

 

[Deleted member 178884]

No.
Reasoning is it's another "vulnerability" hackers won't take advantage of on the mainstream as there are plenty of other ways to money grab then take advantage of a complex vulnerability, and all these "vulnerabilities" took years to discover.

 

[lsevald]

No. I still haven't allowed win10 to patch the spectre/meltdown security holes. My haswell setup is on its last legs, and I just need it to survive a couple of more months until the new Ryzen becomes available.

My take on this is that you still need malicious code to run on your machine to exploit these vulnerabilities, just like any other virus/malware? Or am I wrong?

I'll rather update my anti-virus, firewall, origins ublocker and backup my data more often, than to cripple my computer performance further. For now anyway

 

[repman244]

No. Why?
Just like with Spectre/Meltdown/Ryzenfall and whatever other weirdly-named vulnerability, it is a bit more complex and a bit blown out of proportions.

This.
All of these so called vulnerabilities are blown way out of proportions - personally i wouldn't even care if there was no "fix" for them. They are a threat in enterprise/server etc. environments, but there are much bigger threats to home PC users then these are.
I also don't keep any critical files/info on my primary PC so I don't care if it gets infected.

 

[FYFI13]

I have disabled SMT on my rig, seems to help a bit when playing Arma 3

 

[xtreemchaos]

na, i did a while ago with my 7700k to see how it performed in cb15 and its not good its lessthan a fx8350, so ill leave as is i only use it for image processing i do everything else on my 2700x.

 

[Solaris17]

Nope, the odds of any of these affecting home
Users and users in general are less than winning the lottery. Iv tried to explain it in another thread but mass hysteria is a real thing.

 

[enxo218]

No, machine is for gaming mostly really and I'm not degrading cpu performance for maybe attacks. games from gog are backed up so worst scenario are reinstalls and steam re download. For guys working in cloud computing related tech tho...sirens are always going off I guess

 

[moproblems99]

Nope. These are just a threat for enterprise and datacenters unless you are a highly interesting person. Which I highly doubt. I know I'm not. I think it sucks all my data (medical records and all) are all housed on systems running these CPUs but my identity was stolen by a rogue person inside Bank of America anyway.

While these threats are real and serious, they just aren't serious to home users in 99.999999999999999999999999% of cases.

 

[freeagent]

I did, but not because of all of this. I watch tv through my computer, and with ht enabled the picture stuttered all the time. Didn't matter what browser I used. Using HDMI from my 980 to my amp. Now that Bell has dropped support for IE and Edge, I use firefox to view. Chrome stutters like the others did, Firefox is running good. Also picked up a few more gflops in linpack extreme with ht off, went from about 112 gflps to 122. And in a lot but not all of tests in aida64, I get my ass handed to me. The things we do for tv

Its like running a 3570k with 8mb cache

Edit:

Okay, so I just enabled it again, and everything is smooth again, not sure what to say! Maybe IE and Edge aren't the best to use these days heh.. So anyways, HT back on and all is well.

 

[TheoneandonlyMrK]

Nope, the odds of any of these affecting home
Users and users in general are less than winning the lottery. Iv tried to explain it in another thread but mass hysteria is a real thing.

Do you feel that hyperthreading needs disabling in the work place? I mean in areas like mine where validation and IP security is important but i suppose other areas might need it doing.??

Because I think corporate IP theft is likely to be the main use case for anyone actually trying to use such things that and financial theft and possibly cyberterror?.

 

[Bill_Bright]

No.
Reasoning is it's another "vulnerability" hackers won't take advantage of

That's assuming they even could - which is unlikely since it assumes the bad guys can just slip on past all the other computer and network defenses, plant and execute the code to exploit the vulnerability - while remaining undetected.

Plus, the initial knee-jerk advice for all users to disable hyper-threading has been rescinded or debunked by most experts.

but my identity was stolen by a rogue person instead Bank of America anyway.

As was mine with Equifax. But it is important to understand and remember in almost every corporate hacking event, the bad guys were successful because of negligence, laziness, and/or incompetence by those in charge of and responsible for the security of those systems. In the Equifax hack for example, the software developers had identified the vulnerability, developed, released and provided to Equifax the patch to fix that vulnerability months before the hack occurred. But Equifax never applied it. Why? Negligence, laziness and incompetence by the system administrators and lackadaisical attitudes by the executives. Heck! Much of our personal information wasn't even encrypted.

Do you feel that hyperthreading needs disabling in the work place?

If your work place is a free hotspot at McDonalds and you leave your notebook on your table unattended for 10 minutes, then maybe, yes.

And FTR, when AMD or any other chipmaker can offer a 100%, full money back guarantee their processors are 100% flaw-free, then and only then might I decide Intel's are no longer worth considering for my next personal build.

 

[EarthDog]

Yes.

But ONLY because I was put in a situation where I can. I got lucky and have a 7960x. My workload doesnt benefit from more than 6-8c/12-16t so I can.

That said, this security thing or not, with lesser core counts, like 4/6/8, I dont see a reason to do so as it can cause performance loss.

 

[Deleted member 158293]

Of course don't care for personal rigs & non-critical workstations. HT on.

Do very much care for network servers I'm responsible for, especially with the amount of hacking tries the logs are showing lately. HT off, only a matter of time for somebody to program bots which can use these new hacks and it's going to be painful (if not done already).

Now dealing with non-scheduled server upgrades...

 

[TheoneandonlyMrK]

That's assuming they even could - which is unlikely since it assumes the bad guys can just slip on past all the other computer and network defenses, plant and execute the code to exploit the vulnerability - while remaining undetected.

Plus, the initial knee-jerk advice for all users to disable hyper-threading has been rescinded or debunked by most experts.
As was mine with Equifax. But it is important to understand and remember in almost every corporate hacking event, the bad guys were successful because of negligence, laziness, and/or incompetence by those in charge of and responsible for the security of those systems. In the Equifax hack for example, the software developers had identified the vulnerability, developed, released and provided to Equifax the patch to fix that vulnerability months before the hack occurred. But Equifax never applied it. Why? Negligence, laziness and incompetence by the system administrators and lackadaisical attitudes by the executives. Heck! Much of our personal information wasn't even encrypted.

If your work place is a free hotspot at McDonalds and you leave your notebook on your table unattended for 10 minutes, then maybe, yes.

And FTR, when AMD or any other chipmaker can offer a 100%, full money back guarantee their processors are 100% flaw-free, then and only then might I decide Intel's are no longer worth considering for my next personal build.

eh Im not calling our IT department, im just interested generally , And play fair their are only two desktop CPU maker's, only a fool would'nt consider both options ,you can pick what you want but at least look around and i agree no cpu can ever be made to be secure 100% in the future, it does'nt work like that afaik.

 

[Deleted member 178884]

That's assuming they even could - which is unlikely since it assumes the bad guys can just slip on past all the other computer and network defenses, plant and execute the code to exploit the vulnerability - while remaining undetected.

Well according to all these AMD fanboys, every hacker is a professional and not a script kiddie, apparently.

 

[Aquinus]

Honestly, it's just another exploit that requires the stars to align to be useful for any real kind of malicious use. The PoC shows it can be done, it doesn't show how it can be useful. It's just another mitigation that I'm going to disable.

 

[Vya Domus]

I am going to venture and say that even corporations that make use of severs on a large scale are not going to concern themselves much with this.

 

[cucker tarlson]

is there a windows update coming to mitigate this and how do I disable it?

 

[moproblems99]

As was mine with Equifax. But it is important to understand and remember in almost every corporate hacking event, the bad guys were successful because of negligence, laziness, and/or incompetence by those in charge of and responsible for the security of those systems. In the Equifax hack for example, the software developers had identified the vulnerability, developed, released and provided to Equifax the patch to fix that vulnerability months before the hack occurred. But Equifax never applied it. Why? Negligence, laziness and incompetence by the system administrators and lackadaisical attitudes by the executives. Heck! Much of our personal information wasn't even encrypted.

Yeah, I mean like you said, there are likely always going to be far easier ways to get in but this just means that the attic vent is always open and waiting so you don't need to check all the windows and doors.

 

[xkm1948]

Welp I may have to go Threadripper with Zen2 cores next year. Disabling HT will be a huge no for me.

 

[Bill_Bright]

but this just means that the attic vent is always open

I see it totally opposite of that. The attic vent is located on the extreme outer perimeter of my home. And while my attic vent may be open, the extreme outer perimeter of my computer network is my router and it definitely is NOT open for anyone to crawl through.

A more applicable "house" analogy for me with this flaw would be if I left a stack of $20s in a lock box hidden in one of the 6 closets in my home. But the "flaw" is that the lock is broken on the box and a badguy can easily open it with a screwdriver - no key required. But to get those $20 he would have to breach my outer perimeter, crawl very quietly through the attic access panel to drop down (again very quietly) into the living area, get past my puppy dawgs without waking them, find the correct closet, find the lock box hidden in that closet, take the money then escape out of the house - all without running into me and my Glock 17 hollow-points waiting to remove the entire back of his skull. If he can do that, he can have the money.